path: root/changelogs/fragments/dont-template-cli-passwords.yml
blob: 86809bf50f15c27c83185e94348c808127a870f6 (plain)
security_fixes:
- >
  **security issue** - Convert CLI provided passwords to text initially, to
  prevent unsafe context being lost when converting from bytes->text during
  post processing of PlayContext. This prevents CLI provided passwords from
  being incorrectly templated (CVE-2019-14856)
- >
  **security issue** - Update ``AnsibleUnsafeText`` and ``AnsibleUnsafeBytes``
  to maintain unsafe context by overriding ``.encode`` and ``.decode``. This
  prevents future issues with ``to_text``, ``to_bytes``, or ``to_native``
  removing the unsafe wrapper when converting between string types
  (CVE-2019-14856)
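
The failure mode both entries describe, as an added Python example that is not Ansible's code: a marker subclass of `str` loses its marker on a bytes/text round trip unless `.encode` and `.decode` are overridden. The class names, the simplified `to_text`/`to_bytes` stand-ins, the toy `render` function and the sample password are all assumptions made for illustration.

```python
# Added illustration; hypothetical names, not Ansible's implementation.

class Unsafe:
    """Marker: values carrying it must never reach the template engine."""

class NaiveUnsafeText(str, Unsafe):
    """Marker only. Inherits str.encode, which returns plain bytes."""

class UnsafeBytes(bytes, Unsafe):
    def decode(self, *args, **kwargs):
        # Re-wrap so the marker survives bytes -> text.
        return UnsafeText(super().decode(*args, **kwargs))

class UnsafeText(str, Unsafe):
    def encode(self, *args, **kwargs):
        # Re-wrap so the marker survives text -> bytes.
        return UnsafeBytes(super().encode(*args, **kwargs))

def to_bytes(value, encoding="utf-8"):
    """Simplified stand-in for a text -> bytes conversion helper."""
    return value.encode(encoding) if isinstance(value, str) else value

def to_text(value, encoding="utf-8"):
    """Simplified stand-in for a bytes -> text conversion helper."""
    return value.decode(encoding) if isinstance(value, bytes) else value

def round_trip(value):
    """Mimics post-processing that converts text -> bytes -> text."""
    return to_text(to_bytes(value))

def render(value):
    """Toy templater: expands '{{ secret }}' unless the value is marked unsafe."""
    if isinstance(value, Unsafe):
        return str(value)  # returned verbatim, never templated
    return value.replace("{{ secret }}", "EXPANDED")

# Constructed sample: a CLI password that happens to contain template syntax.
PASSWORD = "p{{ secret }}w"

if __name__ == "__main__":
    naive = round_trip(NaiveUnsafeText(PASSWORD))
    fixed = round_trip(UnsafeText(PASSWORD))
    print("naive  :", type(naive).__name__, "->", render(naive))
    print("wrapped:", type(fixed).__name__, "->", render(fixed))
```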